
Rising and QQ Doctor won't open, trojan, waiting online for help



注释:    [A]表示该文件存在自启动关联;
    [M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      RsCCenter
        [AM] 1. c:\program files\rising\rav\ccenter.exe


      RsRavMon
        [A ] 2. c:\program files\rising\rav\ravmond.exe


      WMPNetworkSvc
        [A ] 3. c:\program files\windows media player\wmpnetwk.exe


      WudfSvc
        [A ] 4. c:\windows\system32\wudfsvc.dll




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      ALCXSENS
        [A ] 5. c:\windows\system32\drivers\alcxsens.sys


      ALCXWDM
        [A ] 6. c:\windows\system32\drivers\alcxwdm.sys


      AmdK8
        [A ] 7. c:\windows\system32\drivers\amdk8.sys


      BaseTDI
        [A ] 8. c:\windows\system32\drivers\basetdi.sys


      ExpScaner
        [A ] 9. c:\program files\rising\rav\expscan.sys


      HookCont
        [A ] 10. c:\program files\rising\rav\hookcont.sys


      HookReg
        [A ] 11. c:\program files\rising\rav\hookreg.sys


      HookSys
        [A ] 12. c:\program files\rising\rav\hooksys.sys


      MEMSCAN
        [A ] 13. c:\program files\rising\rav\memscan.sys


      NPF
        [A ] 14. c:\windows\system32\drivers\npf.sys


      npkcrypt
        [A ] 15. f:\qq\npkcrypt.sys


      RsAntiSpyware
        [A ] 16. c:\windows\system32\drivers\rsboot.sys


      RsNTGDI
        [A ] 17. c:\windows\system32\drivers\rsntgdi.sys


      RSPPSYS
        [A ] 18. c:\program files\rising\rav\rsppsys.sys


      Secdrv
        [A ] 19. c:\windows\system32\drivers\secdrv.sys


      WudfPf
        [A ] 20. c:\windows\system32\drivers\wudfpf.sys


      WudfRd
        [A ] 21. c:\windows\system32\drivers\wudfrd.sys




  + IE浏览器加载模块
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {01443AEC-0FD1-40fd-9C87-E93D1494C233}
        [AM] 22. e:\讯雷\comdlls\tdatonce_now.dll


      {39F7E361-828A-4B5A-BCAF-5B79BFDFEA60}
        [AM] 23. e:\讯雷\comdlls\xunleibho_now.dll


      {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
        [AM] 24. d:\downloads\新建文件夹\bitcomet\tools\bitcometbho_1.1.6.14.dll


      {C2626E66-D21B-E628-C1DF-1DACCFA36ED2}
        [AM] 25. c:\program files\common files\fjos0r.dll




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 26. c:\windows\system32\hticons.dll


      Portable Media Devices
        [A ] 27. c:\windows\system32\audiodev.dll


      Portable Devices
        [A ] 28. c:\windows\system32\wpdshext.dll


      Portable Devices Menu
        [A ] 28. c:\windows\system32\wpdshext.dll


      WinRAR shell extension
        [A ] 29. c:\program files\winrar\rarext.dll


      RISING
        [AM] 30. c:\windows\system32\ravext.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 30. c:\windows\system32\ravext.dll


      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [AM] 31. c:\windows\system32\shlhook.dll


      {CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}
        [AM] 32. c:\program files\internet explorer\onlo0r.dll


      {32C4BAF4-0411-4000-BDFB-A6F71E669F8C}
        [AM] 33. c:\windows\system32\csdoor1.dll


      {E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}
        [AM] 34. c:\windows\system32\wldoor1.dll


      {A3C95A74-638D-4C6B-A856-4B27664A7F47}
        [AM] 35. c:\windows\system32\wgdoor1.dll


      {D8CC4845-441C-44F8-9053-28F2EF67655B}
        [AM] 36. c:\windows\system32\dadoor1.dll


      {A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}
        [AM] 37. c:\windows\system32\dh3oor1.dll


      {EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}
        [AM] 38. c:\windows\system32\rxdoor1.dll


      {6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}
        [AM] 39. c:\windows\system32\qjdoor1.dll


      {68F7767A-090C-4BBF-A015-720ACC6706E2}
        [AM] 40. c:\windows\system32\wddoor1.dll


      {08E909A4-B236-48DD-8BCC-90A604B93E68}
        [AM] 41. c:\windows\system32\tldoor1.dll


      {781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}
        [AM] 42. c:\windows\system32\zxdoor1.dll


      {04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}
        [AM] 43. c:\windows\system32\cqdoor1.dll


      {ABD0935D-B35A-47BD-BA9A-81678DDE74DD}
        [AM] 44. c:\windows\system32\qhdoor1.dll


      {4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}
        [AM] 45. c:\windows\system32\mydoor1.dll


      {3422FB0F-95EB-458A-8B56-39552017A4EF}
        [AM] 46. c:\windows\system32\mhdoor1.dll


      {E952B8F8-D91A-4EDD-851C-EE1A0F944469}
        [AM] 47. c:\windows\system32\ztfree1.dll


      {5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}
        [AM] 48. c:\windows\system32\wodoor1.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WPDShServiceObj
        [AM] 49. c:\windows\system32\wpdshserviceobj.dll




  + 用户登陆自运行项目
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      RavTask
        [AM] 50. c:\program files\rising\rav\ravtask.exe


      runeip
        [AM] 51. c:\program files\rising\antispyware\runiep.exe


      racer
        [AM] 52. c:\program files\racer-han-cnc\racer.exe



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 53. c:\program files\rising\antispyware\runonce.exe




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 54. c:\windows\system32\bsmain.exe

        [A ] 55. c:\windows\system32\kknative.exe




  + 映像劫持
    + HKCR\.bat
      batfile\print\Command
        [A ] 56. c:\p



    + HKCR\.log
      txtfile\print\Command
        [A ] 56. c:\p



    + HKCR\.txt
      txtfile\print\Command
        [A ] 56. c:\p



    + HKCR\.cmd
      cmdfile\print\Command
        [A ] 56. c:\p



    + HKCR\.reg
      regfile\print\Command
        [A ] 56. c:\p



    + HKCR\.vbs
      VBSFile\Print\Command
        [A ] 56. c:\p



    + HKCR\.js
      JSFile\Print\Command
        [A ] 56. c:\p



    + HKCR\.ini
      inifile\print\Command
        [A ] 56. c:\p



    + HKCR\.inf
      inffile\print\Command
        [A ] 56. c:\p





+ 正在运行的进程
  + 000001a4(420) smss.exe

  + 000001b8(440) racer.exe
    00400000[00025000]
      [AM] 52. c:\program files\racer-han-cnc\racer.exe


    10000000[002F4000]
      [ M] 57. c:\program files\racer-han-cnc\rwxre.dll


    30000000[00027000]
      [ M] 58. c:\program files\racer-han-cnc\nspr4.dll


    00890000[00065000]
      [ M] 59. c:\program files\racer-han-cnc\xpcom_core.dll


    003F0000[00007000]
      [ M] 60. c:\program files\racer-han-cnc\plc4.dll


    00900000[00006000]
      [ M] 61. c:\program files\racer-han-cnc\plds4.dll


    00910000[00059000]
      [ M] 62. c:\program files\racer-han-cnc\nss3.dll


    00970000[0005A000]
      [ M] 63. c:\program files\racer-han-cnc\softokn3.dll


    009D0000[00069000]
      [ M] 64. c:\program files\racer-han-cnc\js3250.dll


    00A40000[00016000]
      [ M] 65. c:\program files\racer-han-cnc\gkgfx.dll


    00A60000[00014000]
      [ M] 66. c:\program files\racer-han-cnc\xpcom_compat.dll


    00A80000[0001A000]
      [ M] 67. c:\program files\racer-han-cnc\smime3.dll


    00AA0000[0001B000]
      [ M] 68. c:\program files\racer-han-cnc\ssl3.dll


    00F00000[00012000]
      [ M] 69. c:\program files\racer-han-cnc\components\jar50.dll


    00F20000[00021000]
      [ M] 70. c:\program files\racer-han-cnc\components\racer_base_comp.dll


    00F50000[00009000]
      [ M] 71. c:\program files\racer-han-cnc\racer_base.dll

Last edited 2007-10-04 00:27:07

    00F60000[00006000]
      [ M] 72. c:\program files\racer-han-cnc\kbdhook.dll


    01300000[00235000]
      [ M] 73. c:\program files\racer-han-cnc\components\gklayout.dll


    01640000[0003A000]
      [ M] 74. c:\program files\racer-han-cnc\nssckbi.dll


    01290000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll


    02AC0000[00008000]
      [ M] 76. c:\program files\racer-han-cnc\components\racer_ad_comp.dll


    02FA0000[00006000]
      [ M] 77. c:\program files\racer-han-cnc\components\racer_access_pppoe.dll


    02FB0000[00034000]
      [ M] 78. c:\program files\racer-han-cnc\pppoe.dll


    03740000[00006000]
      [ M] 79. c:\program files\racer-han-cnc\components\racer_nss4_comp.dll


    03750000[00049000]
      [ M] 80. c:\program files\racer-han-cnc\nss4.dll


    037A0000[00041000]
      [ M] 81. c:\program files\racer-han-cnc\wpcap.dll


    037F0000[00015000]
      [ M] 82. c:\program files\racer-han-cnc\packet.dll


    03810000[00010000]
      [ M] 83. c:\program files\racer-han-cnc\wanpacket.dll


    02D90000[00009000]
      [AM] 48. c:\windows\system32\wodoor1.dll


    02DE0000[00006000]
      [AM] 47. c:\windows\system32\ztfree1.dll


    02DF0000[00006000]
      [AM] 46. c:\windows\system32\mhdoor1.dll


    02F00000[00007000]
      [AM] 45. c:\windows\system32\mydoor1.dll


    02F10000[00006000]
      [AM] 44. c:\windows\system32\qhdoor1.dll


    02F20000[00007000]
      [AM] 43. c:\windows\system32\cqdoor1.dll


    02F60000[00008000]
      [AM] 42. c:\windows\system32\zxdoor1.dll


    02F70000[00006000]
      [AM] 41. c:\windows\system32\tldoor1.dll


    02F80000[00006000]
      [AM] 40. c:\windows\system32\wddoor1.dll


    03C00000[00008000]
      [AM] 39. c:\windows\system32\qjdoor1.dll


    03DA0000[00006000]
      [AM] 38. c:\windows\system32\rxdoor1.dll


    03DB0000[00006000]
      [AM] 37. c:\windows\system32\dh3oor1.dll


    03DC0000[00006000]
      [AM] 36. c:\windows\system32\dadoor1.dll


    03DD0000[00008000]
      [AM] 35. c:\windows\system32\wgdoor1.dll


    03DE0000[00006000]
      [AM] 34. c:\windows\system32\wldoor1.dll


    03DF0000[00006000]
      [AM] 33. c:\windows\system32\csdoor1.dll



  + 000001c8(456) ctfmon.exe
    10000000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll



  + 000001dc(476) csrss.exe

  + 000001f4(500) winlogon.exe
    72C80000[00008000]
      [ M] 84. c:\windows\system32\msacm32.drv



  + 00000220(544) services.exe
    47260000[0000F000]
      [ M] 85. c:\windows\apppatch\acadproc.dll



  + 0000022c(556) lsass.exe

  + 000002c8(712) svchost.exe

  + 00000300(768) svchost.exe

  + 00000344(836) CCenter.exe
    00400000[0001E000]
      [AM] 1. c:\program files\rising\rav\ccenter.exe



  + 00000354(852) svchost.exe
    50E60000[0000C000]
      [ M] 86. c:\windows\system32\wups2.dll



  + 00000380(896) svchost.exe

  + 000003a4(932) svchost.exe

  + 00000448(1096) alg.exe

  + 000004d8(1240) Explorer.EXE
    011C0000[00006000]
      [AM] 33. c:\windows\system32\csdoor1.dll


    011B0000[00006000]
      [AM] 34. c:\windows\system32\wldoor1.dll


    01380000[00019000]
      [AM] 32. c:\program files\internet explorer\onlo0r.dll


    013E0000[00008000]
      [AM] 35. c:\windows\system32\wgdoor1.dll


    00C00000[00006000]
      [AM] 36. c:\windows\system32\dadoor1.dll


    00CB0000[00006000]
      [AM] 37. c:\windows\system32\dh3oor1.dll


    015D0000[00006000]
      [AM] 38. c:\windows\system32\rxdoor1.dll


    01A70000[00008000]
      [AM] 39. c:\windows\system32\qjdoor1.dll


    01C20000[00006000]
      [AM] 40. c:\windows\system32\wddoor1.dll


    024A0000[00006000]
      [AM] 41. c:\windows\system32\tldoor1.dll


    02620000[00008000]
      [AM] 42. c:\windows\system32\zxdoor1.dll


    025D0000[00007000]
      [AM] 43. c:\windows\system32\cqdoor1.dll


    164A0000[00023000]
      [AM] 49. c:\windows\system32\wpdshserviceobj.dll


    02BD0000[00006000]
      [AM] 44. c:\windows\system32\qhdoor1.dll


    02D40000[00007000]
      [AM] 45. c:\windows\system32\mydoor1.dll


    02EF0000[00006000]
      [AM] 46. c:\windows\system32\mhdoor1.dll


    03020000[00006000]
      [AM] 47. c:\windows\system32\ztfree1.dll


    03190000[00009000]
      [AM] 48. c:\windows\system32\wodoor1.dll


    72C80000[00008000]
      [ M] 84. c:\windows\system32\msacm32.drv


    109C0000[0002C000]
      [ M] 87. c:\windows\system32\portabledevicetypes.dll


    10930000[00049000]
      [ M] 88. c:\windows\system32\portabledeviceapi.dll


    032E0000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll


    10000000[0001B000]
      [AM] 30. c:\windows\system32\ravext.dll


    03490000[00011000]
      [AM] 31. c:\windows\system32\shlhook.dll



  + 00000518(1304) spoolsv.exe

  + 00000544(1348) Ras.exe
    00400000[00160000]
      [ M] 89. c:\program files\rising\antispyware\ras.exe


    10000000[00013000]
      [ M] 90. c:\program files\rising\antispyware\topsoft.dll


    7C140000[00103000]
      [ M] 91. c:\program files\rising\antispyware\mfc71.dll


    7C340000[00056000]
      [ M] 92. c:\program files\rising\antispyware\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 93. c:\program files\rising\antispyware\msvcp71.dll


    00E10000[000BD000]
      [ M] 94. c:\program files\rising\antispyware\rasgui.dll


    01510000[0001B000]
      [AM] 30. c:\windows\system32\ravext.dll


    01540000[00011000]
      [AM] 31. c:\windows\system32\shlhook.dll


    015D0000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll


    019A0000[00009000]
      [AM] 48. c:\windows\system32\wodoor1.dll


    019C0000[00006000]
      [AM] 47. c:\windows\system32\ztfree1.dll


    019B0000[00006000]
      [AM] 46. c:\windows\system32\mhdoor1.dll


    019D0000[00007000]
      [AM] 45. c:\windows\system32\mydoor1.dll


    019F0000[00006000]
      [AM] 44. c:\windows\system32\qhdoor1.dll


    01A00000[00007000]
      [AM] 43. c:\windows\system32\cqdoor1.dll


    01A10000[00008000]
      [AM] 42. c:\windows\system32\zxdoor1.dll


    01A20000[00006000]
      [AM] 41. c:\windows\system32\tldoor1.dll


    01A40000[00006000]
      [AM] 40. c:\windows\system32\wddoor1.dll


    01A50000[00008000]
      [AM] 39. c:\windows\system32\qjdoor1.dll


    01A60000[00006000]
      [AM] 38. c:\windows\system32\rxdoor1.dll


    01A70000[00006000]
      [AM] 37. c:\windows\system32\dh3oor1.dll


    01A80000[00006000]
      [AM] 36. c:\windows\system32\dadoor1.dll


    023F0000[00008000]
      [AM] 35. c:\windows\system32\wgdoor1.dll


    02400000[00006000]
      [AM] 34. c:\windows\system32\wldoor1.dll


    02410000[00006000]
      [AM] 33. c:\windows\system32\csdoor1.dll



  + 000005d8(1496) runiep.exe
    00400000[00013000]
      [AM] 51. c:\program files\rising\antispyware\runiep.exe


    00C50000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll

  + 00000984(2436) rundll32.exe
    10000000[00034000]
      [ M] 78. c:\program files\racer-han-cnc\pppoe.dll


    00AF0000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll



  + 00000ee4(3812) iexplore.exe
    10000000[00022000]
      [AM] 22. e:\讯雷\comdlls\tdatonce_now.dll


    00ED0000[00019000]
      [AM] 23. e:\讯雷\comdlls\xunleibho_now.dll


    223F0000[00009000]
      [ M] 99. e:\讯雷\components\resworker\dsbho_00.dll


    223C0000[0000C000]
      [ M] 100. e:\讯雷\components\resworker\dataprocessor_00.dll


    00F40000[0006D000]
      [AM] 24. d:\downloads\新建文件夹\bitcomet\tools\bitcometbho_1.1.6.14.dll


    00FF0000[00019000]
      [AM] 25. c:\program files\common files\fjos0r.dll


    01D50000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll


    01FB0000[00009000]
      [AM] 48. c:\windows\system32\wodoor1.dll


    01FC0000[00006000]
      [AM] 47. c:\windows\system32\ztfree1.dll


    01FD0000[00006000]
      [AM] 46. c:\windows\system32\mhdoor1.dll


    01FE0000[00007000]
      [AM] 45. c:\windows\system32\mydoor1.dll


    01FF0000[00006000]
      [AM] 44. c:\windows\system32\qhdoor1.dll


    02000000[00007000]
      [AM] 43. c:\windows\system32\cqdoor1.dll


    02010000[00008000]
      [AM] 42. c:\windows\system32\zxdoor1.dll


    02020000[00006000]
      [AM] 41. c:\windows\system32\tldoor1.dll


    02030000[00006000]
      [AM] 40. c:\windows\system32\wddoor1.dll


    02040000[00008000]
      [AM] 39. c:\windows\system32\qjdoor1.dll


    02050000[00006000]
      [AM] 38. c:\windows\system32\rxdoor1.dll


    02060000[00006000]
      [AM] 37. c:\windows\system32\dh3oor1.dll


    02070000[00006000]
      [AM] 36. c:\windows\system32\dadoor1.dll


    02080000[00008000]
      [AM] 35. c:\windows\system32\wgdoor1.dll


    02090000[00006000]
      [AM] 34. c:\windows\system32\wldoor1.dll


    020A0000[00006000]
      [AM] 33. c:\windows\system32\csdoor1.dll


    02680000[00019000]
      [ M] 101. c:\program files\rising\rav\ravscrch.dll


    30000000[002EF000]
      [ M] 102. c:\windows\system32\macromed\flash\flash9d.ocx


    72C80000[00008000]
      [ M] 84. c:\windows\system32\msacm32.drv



  + 00000f14(3860) Rsaupd.exe
    00400000[00024000]
      [ M] 103. c:\program files\rising\antispyware\update\rsaupd.exe


    10000000[000BD000]
      [ M] 104. c:\program files\rising\antispyware\temp\rasgui.dll


    01390000[0001B000]
      [ M] 75. c:\program files\rising\antispyware\ieprot.dll


    01190000[00009000]
      [AM] 48. c:\windows\system32\wodoor1.dll


    011A0000[00006000]
      [AM] 47. c:\windows\system32\ztfree1.dll


    011B0000[00006000]
      [AM] 46. c:\windows\system32\mhdoor1.dll


    011D0000[00007000]
      [AM] 45. c:\windows\system32\mydoor1.dll


    011E0000[00006000]
      [AM] 44. c:\windows\system32\qhdoor1.dll


    011F0000[00007000]
      [AM] 43. c:\windows\system32\cqdoor1.dll


    01200000[00008000]
      [AM] 42. c:\windows\system32\zxdoor1.dll


    01210000[00006000]
      [AM] 41. c:\windows\system32\tldoor1.dll


    01220000[00006000]
      [AM] 40. c:\windows\system32\wddoor1.dll


    01230000[00008000]
      [AM] 39. c:\windows\system32\qjdoor1.dll


    01240000[00006000]
      [AM] 38. c:\windows\system32\rxdoor1.dll


    01250000[00006000]
      [AM] 37. c:\windows\system32\dh3oor1.dll


    01260000[00006000]
      [AM] 36. c:\windows\system32\dadoor1.dll


    01850000[00008000]
      [AM] 35. c:\windows\system32\wgdoor1.dll


    01860000[00006000]
      [AM] 34. c:\windows\system32\wldoor1.dll


    01870000[00006000]
      [AM] 33. c:\windows\system32\csdoor1.dll





启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Storm2Set><C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv>  [(Verified)Beijing Baofeng Inc.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <racer><C:\Program Files\racer-han-cnc\racer.exe>  [Putian Runway]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}><C:\Program Files\Internet Explorer\OnlO0r.dll>  [Microsoft Corporation]
    <{32C4BAF4-0411-4000-BDFB-A6F71E669F8C}><C:\WINDOWS\system32\csdoor1.dll>  []
    <{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}><C:\WINDOWS\system32\wldoor1.dll>  []
    <{A3C95A74-638D-4C6B-A856-4B27664A7F47}><C:\WINDOWS\system32\wgdoor1.dll>  []
    <{D8CC4845-441C-44F8-9053-28F2EF67655B}><C:\WINDOWS\system32\dadoor1.dll>  []
    <{A120A1D0-CBCC-4F9B-A183-78B27E4C1B5C}><C:\WINDOWS\system32\dh3oor1.dll>  []
    <{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}><C:\WINDOWS\system32\rxdoor1.dll>  []
    <{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}><C:\WINDOWS\system32\qjdoor1.dll>  []
    <{68F7767A-090C-4BBF-A015-720ACC6706E2}><C:\WINDOWS\system32\wddoor1.dll>  []
    <{08E909A4-B236-48DD-8BCC-90A604B93E68}><C:\WINDOWS\system32\tldoor1.dll>  []
    <{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}><C:\WINDOWS\system32\zxdoor1.dll>  []
    <{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}><C:\WINDOWS\system32\cqdoor1.dll>  []
    <{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}><C:\WINDOWS\system32\qhdoor1.dll>  []
    <{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}><C:\WINDOWS\system32\mydoor1.dll>  []
    <{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\system32\mhdoor1.dll>  []
    <{E952B8F8-D91A-4EDD-851C-EE1A0F944469}><C:\WINDOWS\system32\ztfree1.dll>  []
    <{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\system32\wodoor1.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]

驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\F:\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

[PID: 420 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 544 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 556 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240 / admin][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\OnlO0r.dll]  [Microsoft Corporation, 1. 0. 0. 1]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\StormII\Codec\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [C:\Program Files\StormII\Codec\PmpSplt.ax]  [cooleyes, 1, 0, 0, 8]
    [C:\Program Files\StormII\Codec\AviSplitter.ax]  [Gabest, 1, 0, 0, 7]
    [C:\Program Files\StormII\Codec\MpaSplitter.ax]  [Gabest, 1, 0, 0, 1]
    [C:\Program Files\StormII\Codec\RadGtSplitter.ax]  [Gabest, 1, 0, 0, 0]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\StormII\Codec\TTL2Dec.dll]  [N/A, ]
    [C:\Program Files\StormII\Codec\Vid1Dec.dll]  [N/A, ]
    [C:\Program Files\StormII\Codec\xvid.ax]  [N/A, ]
    [C:\WINDOWS\system32\LCodcCMP.dll]  [LEAD Technologies, Inc., 1.0.0.009]
    [C:\WINDOWS\system32\icmw_32.dll]  [Aware Inc., 1.65.2.3]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1056 / admin][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1108 / admin][C:\Program Files\racer-han-cnc\racer.exe]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-han-cnc\rwxre.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-han-cnc\nspr4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-han-cnc\xpcom_core.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-han-cnc\plc4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-han-cnc\plds4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-han-cnc\nss3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-han-cnc\softokn3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-han-cnc\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\racer-han-cnc\gkgfx.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-han-cnc\xpcom_compat.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-han-cnc\smime3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-han-cnc\ssl3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-han-cnc\components\jar50.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-han-cnc\components\racer_base_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-han-cnc\racer_base.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-han-cnc\kbdhook.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-han-cnc\components\gklayout.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-han-cnc\nssckbi.dll]  [Netscape Communications Corporation, 1.53]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\racer-han-cnc\components\racer_ad_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
    [C:\Program Files\racer-han-cnc\components\racer_access_pppoe.dll]  [Putian Runway, 3,3,130,325]
    [C:\Program Files\racer-han-cnc\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\Program Files\racer-han-cnc\components\racer_nss4_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-han-cnc\nss4.dll]  [北京润汇科技有限公司, 1, 0, 0, 4]
    [C:\Program Files\racer-han-cnc\wpcap.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-han-cnc\packet.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-han-cnc\WanPacket.dll]  [CACE Technologies, 3, 2, 0, 29]
[PID: 1136 / admin][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1512 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2520 / admin][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\RACER-~1\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
[PID: 348 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 2312 / admin][D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\vagaa.exe]  [Vagaa Development Team, 2.6.5.6]
    [D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\TouDll.dll]  [Vagaa Development Team, 2.6.4.4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\UPnPDll.dll]  [Vagaa.com, 2, 6, 4, 0]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
[PID: 2368 / admin][D:\Vagaa\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\Downloads\Vagaa\VExplorer.exe]  [www.vagaa.com, 2.6.4.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
[PID: 2952 / admin][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3464 / admin][D:\Vagaa\Downloads\MPlayer_Windows\MPlayer.exe]  [KeyJ, 1.1.903.37]
    [D:\Vagaa\Downloads\MPlayer_Windows\unrar.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
[PID: 3596 / admin][F:\qq\QQ.exe]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQBaseClassInDll.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQHelperDll.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\BasicCtrlDll.dll]  [TENCENT, 7, 0, 431, 1723]
    [F:\qq\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [F:\qq\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [F:\qq\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [F:\qq\QQAPI.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [F:\qq\LoginCtrl.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\LoginCtrlRes.dll]  [TENCENT, 7,0,431,1723]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
    [F:\qq\QQRes.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\WizardCtrl.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQMainFrame.dll]  [N/A, ]
    [F:\qq\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\qq\CQQApplication.dll]  [N/A, ]
    [F:\qq\UnReadMsgMgr.dll]  [N/A, ]
    [F:\qq\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [F:\qq\NewSkin.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\MailSummary.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQKnowledgeSearch.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQAllInOne.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [F:\qq\CameraDll.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQSpace.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\qq\QQGroupMng.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\UserDefinedHead.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQPlugin.dll]  [N/A, ]
    [F:\qq\LongConnection.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQConfigPlugin.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQCustomFace.dll]  [N/A, ]
    [F:\qq\QQAvatar.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\qq\ImageOle.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQLiveQMng.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QRingMng.dll]  [N/A, ]
    [F:\qq\QQSceneMng.dll]  [N/A, ]
    [F:\qq\QQPet.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQSysMsgMng.dll]  [N/A, ]
    [F:\qq\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
    [F:\qq\QQFileTransfer.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\PhoneAPI.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [F:\qq\GroupConnection.dll]  [TENCENT, 7,0,431,1723]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [F:\qq\BQQApplication.dll]  [N/A, ]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\qq\QQMagicFace.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\QQSettingCtrl.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\CommercesMng.dll]  [TENCENT, 7,0,431,1723]
    [F:\qq\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [F:\qq\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
[PID: 3508 / admin][F:\qq\TIMPlatform.exe]  [TENCENT, 7,0,431,1723]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [F:\qq\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2016 / admin][D:\木马客星\Iparmor\Iparmor.exe]  [luosoft.com, 2007]
    [D:\木马客星\Iparmor\getportlistxp.dll]  [, 1, 0, 0, 1]
    [D:\木马客星\Iparmor\hookhookdll.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
[PID: 2920 / admin][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 1440 / admin][F:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [F:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\wldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\csdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dadoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wodoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztfree1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\mydoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\tldoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wddoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\rxdoor1.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh3oor1.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1056, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\RACER-HAN-CNC\RACER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2312, D:\VAGAA\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\VAGAA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2368, D:\VAGAA\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\DOWNLOADS\VAGAA\VEXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2952, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3464, D:\VAGAA\DOWNLOADS\MPLAYER_WINDOWS\MPLAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2016, D:\木马客星\IPARMOR\IPARMOR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]